Short Bytes: The FBI conducted hacking activities on 23 dark web websites, including TorMail, an anonymous email service. The agency used a network investigative technique to hack the 300 accounts suspected of child pornography. But recent documents reveal that the FBI also dropped malware bombs on innocent users.
The case documents submitted by the FBI were unsealed by the American Civil Liberties Union (ACLU) in September. The documents reveal a twist in the story: the FBI wanted more than the warrant permitted. Besides gaining access to the listed accounts, the agency also attempted to catch innocent users of the TorMail service.
“That is, while the warrant authorized hacking with a scalpel, the FBI delivered their malware to TorMail users with a grenade,” ACLU Principal Technologist Christopher Soghoian told Motherboard.
Back in 2013, the FBI took control of the web hosting service Freedom Hosting, which was home to many child pornography websites and to TorMail on the dark web. To harvest the IP addresses of users visiting any of the Freedom Hosting websites, the FBI deployed its network investigative technique (NIT).
The NIT was used on 23 such websites, the new court documents reveal. The documents also include the names of the 300 TorMail accounts that were linked to child pornography. But in the case of TorMail, it has been reported that the FBI implemented the NIT before the TorMail login page was displayed, which let it track every user who came to the website.
However, according to the affidavit, the NIT was only to be used for investigating “any user who logs into any of the TARGET ACCOUNTS by entering a username and password.”
The NIT malware deployed by the FBI, which was displayed in the form of an error message, was quickly discovered by the security community.
The warrant returned to the court makes no mention that the FBI stopped its hacking activities because its malware was caught in the act by the security community, nor that the malware was used to target innocent TorMail users, Soghoian said. “This strongly suggests that the FBI kept the court in the dark about the extent to which they botched the TorMail operation.”
Soghoian also said that it is not known whether the court was ever informed that the FBI “exceeded the scope of the warrant” or whether the agents who hacked into the accounts of innocent users were ever charged.
For the FBI’s part, a spokesperson named Christopher Allen said the FBI “narrowly tailors warrants but doesn’t exceed the scope of those warrants.”
The FBI has also used an NIT to catch the child porn lover Jay Michaud by hosting a website named PlayPen. The agency has defended its pet malware by tagging it as “good” and saying it has no bad intentions when deploying it.
The dark web email service TorMail has been inactive since August 2013. Despite the similar name, it has no relation to Tor.